package com.whl.cloud.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;

import com.whl.cloud.fergn.UserCenter;
import com.whl.cloud.oauth.PermissionServiceImpl;
import com.whl.cloud.oauth.UserDetailsServiceImpl;
import com.whl.cloud.oauth.WhlPasswordEncoder;

@Configuration
@ConditionalOnBean(UserCenter.class)
@EnableWebSecurity
@Order(SecurityProperties.BASIC_AUTH_ORDER - 3)
class SecurityConfig extends WebSecurityConfigurerAdapter {
	@Autowired
	private UserDetailsServiceImpl userDetailsService;
	@Autowired
	private PermissionServiceImpl permissionService;
	@Autowired
	private WhlPasswordEncoder whlPasswordEncoder;

	@Bean
	@Override
	public AuthenticationManager authenticationManagerBean() throws Exception {
		return super.authenticationManagerBean();
	}

	/**
	 * * 系统安全用户验证模式： * 1、使用内存模式创建验证 * 2、使用数据库创建验证，实现userDetailsService接口即可
	 */

	/**
	 * 配置用户签名服务 主要是user-details 机制，
	 *
	 * @param auth
	 *            签名管理器构造器，用于构建用户具体权限控制
	 * @throws Exception
	 */
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.userDetailsService(userDetailsService).passwordEncoder(whlPasswordEncoder);
	}

	@Override
	public void configure(WebSecurity web) throws Exception {
		super.configure(web);
	}

	/**
	 * * 允许对特定的http请求基于安全考虑进行配置,默认情况下，适用于所有的请求， *
	 * 但可以使用requestMatcher(RequestMatcher)或者其它相似的方法进行限制
	 */

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry expressionInterceptUrlRegistry = http.authorizeRequests()// 定义权限配置
				.antMatchers(permissionService.anonymous()).anonymous()// 可以匿名登录
				.anyRequest().authenticated()// 任何请求都必须经过认证才能访问
		;
		String[] authorities = permissionService.authority();
		for (String authority : authorities) {
			expressionInterceptUrlRegistry.antMatchers(authority).hasAuthority("/gateway" + authority);
		}
		expressionInterceptUrlRegistry.and().formLogin().disable();
		expressionInterceptUrlRegistry.anyRequest().permitAll().and().csrf().disable()// 禁止跨域请求
				.httpBasic();// 进行http Basic认证
	}

}
